Phishing Scams for CrowdStrike Customers Continue, GitHub Vulnerabilities, and North Korea’s Rans…
Cybersecurity Digest for 26 July 2024
Today we discuss the following items:
Notable News
Crowdstrike Post Incident Report:
Falcon Content Update Remediation and Guidance Hub | CrowdStrike (https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)
Crowdstrike Phishing Campaigns:
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity (crowdstrike.com) (https://www.crowdstrike.com/blog/malicious-inauthentic-falcon-crash-reporter-installer-spearphishing/)
Malware Distributed Using Falcon Sensor Update Phishing Lure | CrowdStrike (https://www.crowdstrike.com/blog/lumma-stealer-with-cypherit-phishing-lure/)
Threat Actor Distributes Python-Based Info Stealer Using Fake Update (crowdstrike.com) (https://www.crowdstrike.com/blog/threat-actor-distributes-python-based-information-stealer/)
Apparent CrowdStrike Threat Actor List Leak:
Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List (https://www.crowdstrike.com/blog/hacktivist-usdod-claims-to-have-leaked-threat-actor-list/)
Meta Ousts 63,000 Accounts Linked to Sextortion:
Combating Financial Sextortion Scams From Nigeria | Meta (fb.com) (https://about.fb.com/news/2024/07/combating-financial-sextortion-scams-from-nigeria/)
Darknet Diaries Episode related to the Sextortion Scams:
The Pig Butcher – Darknet Diaries (https://darknetdiaries.com/episode/141/)
Rapid7 Malware Campaign using Fake W2:
Malware Campaign Lures Users With Fake W2 Form | Rapid7 Blog (https://www.rapid7.com/blog/post/2024/07/24/malware-campaign-lures-users-with-fake-w2-form/)
GitHub Deleted and Private Repo Access:
Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co. (https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github)
GitHub Accounts Distributing Malware:
Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com) (https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/)
Windows SmartScreen Flaw:
Windows SmartScreen Flaw Enabling Data Theft in Major Stealer Attack (hackread.com) (https://hackread.com/windows-smartscreen-flaw-data-theft-stealer-attack/)
APT45 Shifts from Espionage to Ransomware:
APT45: North Korea’s Digital Military Machine | Google Cloud Blog (https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine/)
Related CISA Advisory:
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA (https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a)
Prevalent Patches
Google Chrome Fixes Vulnerabilities:
Chrome Releases: Stable Channel Update for Desktop (googleblog.com) (https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html)
Docker Fixes Authentication Bypass:
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | Docker (https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/)
Siemens Fix Closes Backdoors:
SSA-071402 (siemens.com) (https://cert-portal.siemens.com/productcert/html/ssa-071402.html)
Progress Telerik Vulnerability:
Insecure Deserialization Vulnerability – Telerik Report Server (https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327)
CISA Alert:
BIND 9:
ISC Releases Security Advisories for BIND 9 | CISA (https://www.cisa.gov/news-events/alerts/2024/07/24/isc-releases-security-advisories-bind-9)
Related news:
BIND DNS Server Vulnerability Lets Attackers Flood Server (cybersecuritynews.com) (https://cybersecuritynews.com/bind-dns-server-vulnerability/)
by The Cybersecurity Digest